Permission to view all indices and create dashboards

Elastic Stack Kibana
1

I am looking to give permission SAML user to read all indices and I have done the following:

  1. assign the following permissions with role indices_viewer
  2. Confirm role mapping is setup

However users are still getting 403, what is the next step of troubleshooting?

{
  "indices_viewer" : {
    "cluster" : [ ],
    "indices" : [
      {
        "names" : [
          "*"
        ],
        "privileges" : [
          "read",
          "monitor",
          "view_index_metadata"
        ],
        "field_security" : {
          "grant" : [
            "*"
          ],
          "except" : [ ]
        },
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}
2

Hello,

Try looking at the network requests that are getting 403s in your browser debugger. They'll usually have a message in the response that gives clues as to what permissions are missing and needed.

Hope that helps!

Regards,
Aaron

3

That role does not appear to have access to Kibana.
Are you encountering the 403 error while logging into Kibana? If so, that is a likely cause.

4

Sorry, I was not specific enough after re-reading my post.

The user are able to login but they are not seeing any indices. The users also have kibana_admin in addition to the above custom role.

However, they are still getting 403 on the dashboards. Is there a built-in user permission to able to read all indices?

PUT _security/role_mapping/CLOUD_SAML_TO_KIBANA_ADMIN
{
  "enabled": true,
  "roles": [
    "kibana_admin"
  ],
    "rules": { "all" : [ 
        { "field": { "realm.name": "okta-realm" } }, 
        { "field": { "groups": "elastic-cloud" } }
    ]},
  "metadata": {
    "version": 1
  }
}
5

In which case the issue is almost certainly with your role mapping to the indices_viewer role. Tat role is correctly set up to grant read access to all indices, but it doesn't look like your users are being assigned the role.

6

Thanks @TimV

The users have roles mapped to kibana_admin and indices_viewer. They can login but not able to see any indices or dashboard from the indices.

image
image748×351 39 KB

So it looks like the roles mapping is not working. Is it possible to see their roles from my account? GET /_security/_authenticate/ doesn't work from my account as I can only see my permissions.

7

I confirmed the user are getting indices_viewer but still cannot see any indices or dashboard(cluster health dashboard for instance). So it looks like this is role permission rather?

GET /_security/_authenticate/
{
  "username" : "foo.bar@example.com",
  "roles" : [
    "kibana_admin",
    "indices_viewer",
    "anonymous"
  ],
...
8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.